Amendments to the Claims:
This listing of claims replaces all prior versions and listings of claims in the application: 

Listing of Claims:



1-20. (Cancelled) 



21. (New) Method for authenticating a user for access to at least two entities of a data
transmission network by means of a terminal, which method includes the following series of 
steps: 

a random number is transmitted to the terminal, 

data for authenticating the user to the two entities of the network is calculated using at 
least one predefined cryptographic algorithm applied to the random number received and 
at least one secret key specific to the user, 

the terminal inserts, in an access request, data for identifying the user to said entities of 
the network and the calculated authentication data, and transmits the access request to an 
access controller, 

the access controller transmits, to each of the two entities, a respective authentication 
request containing the identification data and the data for authenticating the user to said 
entities of the network, contained in the access request, 

authentication servers of the entities carry out a user authentication procedure, on the 
basis of user identification and authentication data, contained in the authentication 
requests, and 

authentication reports containing results of the authentication procedures carried out by 
the authentication servers of each of said network entities are transmitted to the terminal. 



Applicant: Transy et al.
Serial No.: To be assigned
Filed: Herewith
Attorney's Docket No.: 18394-017US1 /RVL/PA61423US



22. (New) Method according to claim 21, characterized in that it includes a preliminary step in 
which the terminal establishes a connection with a specialized server by means of the network,
wherein the random number is generated and transmitted to the terminal by the specialized 
server when the connection has been established. 

23. (New) Method according to claim 22, characterized in that the access request transmitted by 
the terminal is transmitted to the specialized server which inserts therein the random number 
used to calculate the authentication data, the access request is then transmitted to the access 
controller which inserts the random number into the authentication requests transmitted to the 
two entities. 

24. (New) Method according to claim 21, characterized in that the identification data inserted 
into the access request is in the form: "IdA@DomainA" in which: 

"IdA" represents the identifier for identifying the user to the network entity, 
"DomainA" represents the identifier of the network entity in the network, with the access 
controller determining the entities to whom the authentication requests will be transmitted on the
basis of the "DomainA" identifiers of the network entity contained in the access request. 

25. (New) User terminal capable of accessing, by means of the access network, at least two 
entities connected to a data transmission network: 

characterized in that it includes: 

means for transmitting access requests to an entity of the network, which requests contain 
data for identifying and authenticating the user to the network entity; 
means for receiving a random number when a connection with the network is established, 
cryptographic calculating means for applying at least one predefined cryptographic 
algorithm to the random number received so as to obtain data for authenticating the user 
to at least two entities of the network, and means for inserting, into each transmitted 
access request, data for identifying the user to two network entities and the calculated
authentication data. 

26. (New) Terminal according to claim 25, characterized in that it includes an external module
designed to be connected to each of the user terminals and including means for receiving the 
random number from the terminal to which it is connected, cryptographic calculation means for 
executing the predefined cryptographic algorithm based on the random number, and for 
transmitting, to the terminal, at least one data item for authenticating the user to an entity of the 
network, obtained by the cryptographic calculations. 

27. (New) Access controller, characterized in that it includes means for receiving requests for 
access to at least two entities of a data transmission network coming from user terminals and 
transmitted via said network, means for extracting, from each of the access requests, the data for 
identifying and authenticating the user to at least two network entities, means for transmitting, to 
each of the two entities, a respective authentication request containing the data for identifying 
and authenticating the user to the two entities, contained in the access request. 

28. (New) Access controller according to claim 27, characterized in that it also includes means 
for receiving user authentication reports, transmitted by the entities in response to the 
authentication requests, and means for transmitting, to the user terminal, an authentication
report based on the reports received from the entities.

29. (New) System for authenticating a user in an attempt to access at least two entities of a data 
transmission network to which network entities are connected, and which user terminals can
access by means of access networks, characterized in that it includes: 

a user terminal characterized in that it includes: 

- means for transmitting access requests to an entity of the network, which requests 
contain data for identifying and authenticating the user to the network entity; and 
- means for receiving a random number when a connection with the network is
established, cryptographic calculating means for applying at least one predefined 
cryptographic algorithm to the random number received so as to obtain data for 
authenticating the user to at least two entities of the network, and means for inserting, 
into each transmitted access request, data for identifying the user to two network entities 
and the calculated authentication data; 

at least one authentication server for each of the network entities, designed to identify and 
authenticate the users on the basis of identification and authentication data contained in the 
access requests received; 

an access controller characterized in that it includes means for receiving requests for 
access to at least two entities of the data transmission network coming from user terminals and 
transmitted via said network, means for extracting, from each of the access requests, the data for 
identifying and authenticating the user to at least two network entities, means for transmitting, to 
each of the two entities, a respective authentication request containing the data for identifying 
and authenticating the user to the two entities, contained in the access request. 

30. (New) System according to claim 29, characterized in that it also includes a specialized 
server connected to the network so as to be connected to the user terminals when a connection
has been established between the terminal and the network, wherein the specialized server
includes means for generating and transmitting a random number to each of the terminals with
which a connection is established, and means for inserting the random number into each of the
access requests transmitted by the terminals. 

31. (New) System according to claim 29, characterized in that each entity of the network
includes means for storing secret keys of users, means for determining the data for authenticating 
the user to the entity by applying the predefined algorithm to the random number received in an
authentication request and to the secret user key, and for comparing the result obtained to the 
user authentication data received in the authentication request, wherein the user is properly 
authenticated by the entity only if the result of the cryptographic calculation obtained is identical
to the authentication data contained in the authentication request. 
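
The exchange recited in claims 21, 23, 24 and 31, as an added illustration that is not part of the claims or of the applicant's filing. It assumes HMAC-SHA256 as the "predefined cryptographic algorithm" (the claims name none); the class names, function names, domains and keys are hypothetical and constructed for the example.

```python
import hashlib
import hmac
import secrets

def auth_data(secret_key, nonce):
    # Assumed algorithm: HMAC-SHA256 over the random number.
    return hmac.new(secret_key, nonce, hashlib.sha256).hexdigest()

class EntityAuthServer:
    """Authentication server of one network entity (claim 31)."""
    def __init__(self, user_keys):
        self.user_keys = user_keys  # user id -> stored secret key

    def authenticate(self, user_id, nonce, received):
        key = self.user_keys.get(user_id)
        if key is None:
            return False
        # Recompute from the stored key; compare in constant time.
        return hmac.compare_digest(auth_data(key, nonce), received)

class AccessController:
    """Routes on the DomainA part of "IdA@DomainA" (claims 24, 27, 28)."""
    def __init__(self, entities):
        self.entities = entities  # domain -> EntityAuthServer

    def handle(self, request):
        report = {}
        for ident, data in request["credentials"]:
            user_id, _, domain = ident.rpartition("@")
            server = self.entities.get(domain)
            report[domain] = server is not None and server.authenticate(
                user_id, request["nonce"], data)
        return report

def build_access_request(nonce, identities):
    """Terminal side: identities is a list of ("IdA@DomainA", secret key)."""
    return {"credentials": [(i, auth_data(k, nonce)) for i, k in identities]}

def demo():
    k_isp, k_corp = b"isp-key-alice", b"corp-key-alice"  # constructed keys
    controller = AccessController({
        "isp.example": EntityAuthServer({"alice": k_isp}),
        "corp.example": EntityAuthServer({"alice": k_corp})})
    ids = [("alice@isp.example", k_isp), ("alice@corp.example", k_corp)]
    nonce = secrets.token_bytes(16)        # issued by the specialized server
    request = build_access_request(nonce, ids)
    request["nonce"] = nonce               # inserted by the server (claim 23)
    ok = controller.handle(request)
    # Captured credentials presented after a fresh random number was issued.
    replay = dict(request, nonce=secrets.token_bytes(16))
    return ok, controller.handle(replay)
```

Because the specialized server, not the terminal, places the random number in the request, authentication data captured from an earlier session fails the comparison at both entities.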






